Can't compile large .drl files with security manager turned on in tomcat ------------------------------------------------------------------------ Key: DROOLS-4169 URL: https://issues.redhat.com/browse/DROOLS-4169 Project: Drools Issue Type: Bug Affects Versions: 7.22.0.Final Environment: Java 11 Tomcat 9 Ubuntu 18.10/Amazon Linux AMI Reporter: Anthony Bruno Assignee: Mario Fusco Priority: Major Reproduction repository: https://github.com/AussieGuy0/drools-bug *Summary* When large rule (.drl) files are complied **with** the security manager turned on in a servlet container (e.g. Tomcat), it causes `AccessControlExceptions`, which causes `NoClassDefFoundErrors`. *Steps* Prereqs: Program is run in servlet context (e.g .war file in tomcat) 1. Turn on security manager 2. Provide policy files through the properties `java.security.policy` and `kie.security.policy` 3. Compile a `.drl` file that has more than `parallelRulesBuildThreshold` (default: 10) rules *Expected Result* Rules are compiled successfully *Actual Result* No class def error *Cause* In `KnowledgeBuilderImpl`, a `ForkJoinPool` is created and used for parallel building. A `ForkJoinPool` with no `ForkJoinWorkerThreadFactory` specified, it will use a default factory that provides it's own permissions. These permissions are not sufficient for compiling drl files in a servlet context. *Potential Fix* A potential fix is to allow the user to provide their own `ForkJoinWorkerThreadFactory` as a configuration option for drools.